The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-27406 | FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. | MEDIUM | Apr 22, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-27405 | FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. | MEDIUM | Apr 22, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-27404 | FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. | HIGH | Apr 22, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1184 | A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. | -- | Apr 20, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-29458 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. | MEDIUM | Apr 19, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1353 | A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | LOW | Apr 19, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1304 | An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. | MEDIUM | Apr 15, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-28346 | An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. | HIGH | Apr 14, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-28739 | There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. | MEDIUM | Apr 13, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2015-20107 | In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 | HIGH | Apr 13, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-1271 | An arbitrary file write vulnerability was found in GNU gzip\'s zgrep utility. When zgrep is applied on the attacker\'s chosen file name (for example, a crafted file name), this can overwrite an attacker\'s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. | LOW | Apr 12, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-4209 | A NULL pointer dereference flaw was found in GnuTLS. As Nettle\'s hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. | -- | Apr 12, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-28390 | ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. | MEDIUM | Apr 4, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-28389 | mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. | MEDIUM | Apr 4, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-28388 | usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. | MEDIUM | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1205 | A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. | -- | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1204 | A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. | -- | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1199 | A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. | -- | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1198 | A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. | -- | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1195 | A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. | LOW | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1154 | Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. | HIGH | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0216 | A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. | -- | Apr 4, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2021-4207 | A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | MEDIUM | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-4206 | A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | MEDIUM | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-28356 | In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. | MEDIUM | Apr 3, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-28327 | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | MEDIUM | Apr 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-0934 | A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. | -- | Apr 2, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-33657 | There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. | MEDIUM | Apr 2, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-24675 | encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. | MEDIUM | Apr 1, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-1016 | A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle \'return\' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. | -- | Mar 30, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1048 | A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. | MEDIUM | Mar 26, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2018-25032 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | MEDIUM | Mar 26, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-27666 | A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. | MEDIUM | Mar 25, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1056 | Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. | MEDIUM | Mar 25, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0897 | A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt\'s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). | MEDIUM | Mar 25, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0494 | A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. | MEDIUM | Mar 25, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-0854 | A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. | LOW | Mar 24, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2021-45868 | In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. | MEDIUM | Mar 18, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0778 | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). | MEDIUM | Mar 17, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-27223 | In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. | MEDIUM | Mar 16, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-26353 | A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. | MEDIUM | Mar 15, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-26966 | An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. | LOW | Mar 14, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-23943 | Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. | HIGH | Mar 14, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-22721 | If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. | MEDIUM | Mar 14, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-22720 | Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling | HIGH | Mar 14, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-22719 | A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. | MEDIUM | Mar 14, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0943 | Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. | MEDIUM | Mar 14, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-23042 | Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn\'t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 | MEDIUM | Mar 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-23041 | Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn\'t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 | MEDIUM | Mar 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-23040 | Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn\'t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 | MEDIUM | Mar 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
